Dear, good morning.
I would like to propose a database for codes port scan, or create a code base with NMAP scans principalemnte which is the most widely used, not responding or not responding to them.
SEP blocks this type of action, but she is just starting and depending on the code used, the port scan continues to yield results, ie, desktop, notebook, etc., continues to answer requests.
With the example code in NMAP to explore internal networks. This code was used to capture failures in a network with XP SP2, but also used in Win7 and to my surprise, flirting with this code on Win7 yet been answered.
nmap-v - script = smb-check-vulns 192.168.0.0/24
The PC still even with SEP blocking the check, still answer the requests, inform MAC addresses, IP and their doors open, and still telling the vulnerabilities that can be explored with exploits.
The example would be - Do not respond to "nmap-v - script = smb-check-vulns 192.168.0.0/24" - creating a bridge to the base network by sending even if detected, how to program the OS / NETWORK to non-response to the scan.
The same code served perfectly and even suggested a new special that would scan for implementing add "- script-args = unsafe = 1", simply because it recognized that the former was not for this operating system.
The same has said that MS06-025 (exploit) was exploitable with MS07-029 after also checking results that ports like 135, 139 and 1025 were open. The SEP has previously reported that would be blocking this type of scan, but as we can see, nothing done.
My proposal is to establish real control in this type of verification, where the tool of protection, responds to this type of scan the network and not allowing no answer another stack or layer, that is, so our solution is placed in our computer, he is the administrator and not the user.
I hope you understood my idea, I'll be ready for any questions.
Big hug to everyone.